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DETAILED ACTION 



1. 



This correspondence is in response to Amendments and REMARKS filed on April 17, 2008. 



2. 



Claims 10-25 are cancelled; and Claim 5 is amended. 



3. 



Claims 1-9 are pending. 



Response to Arguments 



4. 



Applicant's arguments filed on 04/17/2008 have been fully considered but they are not 



persuasive. 



Regarding Claim 1 . Applicants argued: 

". . Applicants respectfully submit that displaying a different array of the same set of 36 different 
characters in a matrix for each password entry as described in Baker does not describe 'where 
array of alpha-numeric characters are displayed in a visibly detectable frequency' as claimed. . ." 

Examiner respectfully disagrees. 

The first limitation of Claim 1 reads, "...displaying a password prompt comprising a changing 
stream of random characters, wherein a particular character within said changing stream of characters 
is displayed at a visibly detectable higher frequency. . ." 

As indicated in the prior office action sent. Baker discloses [in col.2, lines 57-61 , "The I/O device 1 
is shown in more detail in FIG. 2. It consists of a display 5 controlled by the microprocessor and memory 
2 which implements the password algorithm and dispiays a random array of ctiaracters 8 consisting of 
six columns of six characters each"]. Thus, the system of Baker does not display 'same set of 36 different 
characters' as Applicant argued, but displays random array of characters in a 6*6 matrix [or in 36 prompt 
positions]. Additionally, Baker discloses [in FIG.4, for example] the matrix ROW/COLUMN as N by M; 
such that, N and M are adjustable numbers. Thus, if the value of N [or ROW] is set to 1 , the password 
prompt displaying alpha-numeric [or stream] of random characters would be a one row password display. 
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Furthermore, Baker discloses [see FIG.4, for example] a password algorithm of generating and displaying 
alpha-numeric characters [steps 22 and 23], and then the user selects a column and row; i.e., character 
position [step 24] by visually following the randomly changing alpha-numeric [or stream] characters. 

Additionally Applicants argued: 

"...a difference between Baker and Hoover and claim 1 is that Baker describes a user 
selecting a row or coiumn in which a character of a password is displayed and Hoover describes 
a user using keystrokes or a mouse selection to select one of multiple displayed fields 
containing a character or to Increment or decrement a digit displayed In a field, therefore, 
clearly neither Baker nor Hoover separately or in combination describe a user providing inputs 
that would adjust the particular character displayed at a higher frequency within a random stream 
of characters..." 

Examiner respectfully disagrees. 

First, Examiner could not understand Applicant's argument clearly, because Hoover is applied to 
claim 1 to address the claimed limitation "receiving input to increment or decrement said particular 
character to reach a password character of a password" . As best understood from Applicant's argument, 
Applicant agrees Hoover teaching the limitation, but argues that combination of Baker and Hoover not 
teaching claim 1 as a whole. 

Second, as Applicant admitted. Hoover teaches [in col.2, lines 47-51, "For example, for a six-digit 
PIN, the system starts by displaying six random digits. To select his PIN, the user cursors through the 
digits. At each digit, he hits the up or down arrow key (to Increment the digit by +1 or -1) an 
appropriate number of times until the desired digit appears"]. In other words. Hoover discloses 
incrementing or decrementing a digit [or password character] to reach at the desired password digit [or to 
reach a password character of a password, as claimed]. One of ordinary skill in the art recognizes that the 
method of Hoover could be applied to alpha-numeric characters. 
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Finally, Applicants argued: 

"...because a proper Graham factual findings indicate differences between Goal and Hyponnen 
and claim 1 and no clear articulation of the reasons why the claimed invention of claim 1 would 
have been is provided, the Office erred in finding prima facie obviousness as to claim 1..." 

Examiner respectfully disagrees. 

First, Examiner is not sure of the phrase "...differences between Goal and Hyponnen and claim 
1..." Examiner interprets the phrase as "differences between Baker and Hoover and claim 1..." 

Second, Examiner understands Applicant's argument as saying 'there is no suggestion to 
combine Baker and Hoover'. Examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention where there is 
some teaching, suggestion, or motivation to do so found either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1 071 , 5 
USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this 
case, both Baker and Hoover are directed to password entry systems; and, in addition, the prior arts 
disclose system of protecting the password entry system [see abstract of Baker and col.1 of Hoover]. 

Therefore, since Applicant's argument is not found persuasive, the last rejection sent is repeated; 
and this action is made Final . 

Claim Rejections - 35 USC § 103 
5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 1-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over " Baker " (US 5,428,349) 
in view of " Hoover " (US 6,209,102 B1). 

As per Claim 1, Baker teaches, 

A computer-implemented method for secure password entry (see Fig.2-4; and abstract), 
comprising: displaying a password prompt comprising a changing stream of random characters (see 8 in 
Fig. 2 & 3; where a stream of random characters is displayed), wherein a particular character within said 
changing stream of random characters is displayed at a visibly detectable higher frequency (see Steps 22 
& 23 in Fig.4; where array of alpha-numeric characters are displayed in a visibly detectable frequency). 

Baker fails to teach explicitly receiving input to increment or decrement said particular character 
to reach a password character of a password. However, in the same filed of endeavor, Hoover teaches 
receiving input to increment or decrement said particular character to reach a password character of a 
password (see Fig.1 & 2; and for example, col. 2, line 36-63). 

It would have been of obvious to a person having ordinary skill in the art at the time of Applicant's 
invention to combine the teachings of Hoover and Baker because both inventions are directed to method 
of password entry system. Incorporating the input increment and decrement feature of Hoover modifies 
the password entry system of Baker, so that a mechanism to prevent an attacker from downloading 
keystrokes or character positions when an authorized user enters password to gain an access to a 
secured system is implemented (see of Background Hoover). 

As per Claims 2 and 3, Baker-Hoover combination teaches, 

displaying a plurality of character positions, wherein a stream of random characters is displayed 
in each of said plurality of character positions (see Fig.2-3; where plurality of character positions of 
positions are displayed; and for example, col.2, line 57 to col.3, line 12 of Baker), wherein a particular 
position from among said plurality of character positions provides said password prompt (see Step 24 of 
Fig.4; where user selects a particular position; and for example, col.3, lines 12-44 of Baker); and 
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adjusting a number of said plurality of character positions (see Step 23; where the N and/or M in 
ROW/COLUMN can be adjusted; and for example, col. 3, line 57 to col.4, line 28 of Baker). 

As per Claim 5, Baker-Hoover combination leaches, 

responsive to receiving input of a character selection input for selecting said particular character, 
selecting said particular character as said password character from among a plurality of separately 
selectable password characters of said password (see Step 24 of Baker; where user selects a password 
character from the matrix array); and 

responsive to receiving input of a password completion character indicating that said password is 
complete, securely passing each separately selected password character of said password to a 
requesting software layer (see Steps 27-31 of Baker; where last element of the password is entered and 
access is either permitted or denied ). 

As per Claims 6 and 7, Baker-Hoover combination teaches, 

responsive to receiving a request for a password from a software layer within a data processing 
system, invoking a password entry controller (see MICROPROCESSOR CONTROLLER or PASSWORD 
ALGORITHM in Figs.1, 5 and 6 of Baker) from within said data processing system, wherein said 
password entry controller controls said displaying said password prompt (see for example, col.2, line 44 
to col. 3, line 8; and col.4, lines 30-56 of Baker); and 

responsive to receiving, at a client system (see REMOTE TERMINAL in Fig.5 of Baker), a 
request for a password entry from a server system (see MAIN COMPUTER 45 in Fig.5 of Baker) from 
which said client system is attempting to access a resource, invoking a password entry controller from 
within said data processing system, wherein said password entry controller controls said displaying said 
password prompt (see for example, col.4, lines 30-44 of Baker). 

Hoover teaches a receiving input to increment or decrement said particular character (see Fig.1 
& 2; and for example, col. 2, line 36-63). 
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As per Claims 8 and 9 Baker teaches, 

generating and displaying said stream of random characters, wlierein said particular character is 
randomly selected (see abstract and Fig.2-3 and Step 23; where array of random characters are 
displayed; and for example, col.1, line 55 to col.2, line 10 of Baker). 

Baker fails to teach explicitly adjusting a frequency percentage at which said particular character 
is displayed; however, Baker teaches displaying randomized alpha-numeric matrix array of characters at 
constant frequency (see abstract and Fig.2-3 and Step 23). 

It would have been of obvious to a person having ordinary skill in the art at the time of Applicant's 
invention to modify the system of Baker to display characters in an adjusted frequency percentage in 
order to enhance the password entry display unit, which would further discourage and confuse an 
attacker while eavesdropping. 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth 
in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to AMARE TABOR whose telephone number is (571)270-3155. The examiner can normally 
be reached on Mon-Fri 8:00a.m. to 5:00p.m., EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 
1000. 

Amare Tabor 
(AU2139) 

/Kristine Kincaid/ 

Supervisory Patent Examiner, Art Unit 2139 



